Directory Traversal Vulnerability in Automation License Manager by Siemens
CVE-2018-11455

8.8 HIGH

Key Information:

Vendor: Siemens
CVE Published: 7 August 2018

Summary

A directory traversal vulnerability exists in Siemens Automation License Manager affecting specific versions. This weakness allows an unauthorized remote attacker to access arbitrary files on the system, potentially leading to code execution. The attack requires network access to the affected system and user interaction, but no privileges or special conditions. Updating systems to the corrected versions is essential to mitigate this vulnerability.

Affected Version(s)

Automation License Manager 5: All versions < 5.3.4.4

Automation License Manager 6: All versions < 6.0.1

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
